Demisto Introduces Machine Learning Incident Response Platform

Demisto Enterprise learns from dynamic customer environments and analyst actions to optimize incident response and help train the next wave of security analysts.

June 30, 2017

Note: TDWI’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

Demisto, Inc., an innovator in security automation and orchestration technology, introduced a security operations platform that learns from the actions analysts take to resolve incidents in order to optimize future incident response. The new technology, called Demisto Insights and available in the latest version of Demisto Enterprise, helps analysts during an investigation by suggesting the best methods to resolve an incident. Machine learning technology allows the solution to learn from the experts rather than rely only on historical security data.

The security industry faces a significant shortage of skilled incident response (IR) analysts. Although automation is being used to help analysts reduce manual work, organizations need to learn from experienced analysts’ actions to educate and train younger analysts. With this new release, Demisto offers prebuilt automation playbooks, more than 100 integrations, incident case management, threat feed aggregation and correlation with incidents, and now machine learning that improves the analysts’ productivity.

The latest release of Demisto Enterprise enhances the playbook authoring interface and also provides a live runtime review of the playbook execution. In addition, a new language called Demisto Transform has been introduced to help IR analysts build complex playbooks for automation much faster and without writing any code. All these capabilities enhance the experience of security analysts by making it easier to build automations and review the results of the investigation. The platform highlights findings in a single, improved view to give analysts all the details needed for decision making.

Among the 50 enhancements is Demisto’s new and improved incidents page, which gives security managers a better view of status and helps them manage their teams more easily. Also, the new incident summary page delivers a quick view of the main findings in each incident, helping managers view ongoing events and helping analysts who join an investigation get quickly oriented.